smart focus webview 7.x belden 090226
TRANSCRIPT
Trapeze Networks™
Smart Focus Course
MX Management with WebView
Version 7.x
© 2009 Trapeze Networks, Inc. All rights reserved.
Trademarks
Trapeze Networks, the Trapeze Networks logo, the Trapeze Networks flyer icon, Mobility System, Mobility Exchange, MX, Mobility Point, MP, Mobility System Software, MSS, RingMaster, AAA Integration and RADIUS Scaling, ActiveScan, AIRS, Bonded Auth, FastRoaming, Granular Transmit Power Setting, GTPS, GuestPass, Layer 3 Path Preservation, Location Policy Rule, LPR, Mobility Domain, Mobility Profile, Passport-Free Roaming, SentryScan, Time-of-Day Access, TDA, TAPA, Trapeze Access Point Access Protocol, Virtual Private Group, VPG, Virtual Service Set, Virtual Site Survey and WebAAA are trademarks of Trapeze Networks, Inc. Trapeze Networks SafetyNet is a service mark of Trapeze Networks, Inc. All other products and services are trademarks, registered trademarks, service marks or registered service marks of their respective owners.
Disclaimer
All statements, specifications, recommendations, and technical information are current or planned as of the date of the publication of this document. They are reliable as of the time of this writing and are presented without warranty of any kind, expressed or implied. In an effort to continuously improve the product and add features, Trapeze Networks reserves the right to change any specifications contained in this document without prior notice of any kind.
Trapeze Networks, Inc.5753 W. Las Positas Blvd.Pleasanton, CA 94588
Tel: +1 925-474-2200Fax: +1 925-251-0642Toll-Free: 877-FLY-TRPZ (877-359-8779)
www.trapezenetworks.com
ii
Table of Contents
WebView Summary—Page 3
Part 1: Web QuickStart—Page 5
Lab 1: Web QuickStart—Page 27
Part 2: WebView Management—Page 34
Part 3: WebView Monitoring—Page 48
Part 4: WebView Maintenance—Page 58
Part 5: Common WebView Tasks—Page 67
Lab 2: WebView Management—Page 85
Answers to Lab Questions—Page 90
iii
iv
MX Management with WebView
1
MX Management with WebViewDescription
This Smart Focus course covers the WebView management interface available on the Trapeze Networks’ Mobility Exchanges.
The Web QuickStart Wizard is described in detail then the WebView interface introduced and its capabilities for the Management, Monitoring and Maintenance of an individual MX are discussed.
1
Figure 1. Webview—Topics
WebView—Topics
MX Management with WebView
2
WebView Summary
Figure 2. WebView Summary
WebView Summary
☛ Each model of MX may be managed via a secure Web Browser-based management interface. On all models of MX except the MX-2800 the default configuration allows the quick and easy configuration of the system using a ‘Web QuickStart’ utility.
☛ The primary advantage of the WebView interface is that it is simple to use. The main disadvantage is that it can only be used for managing settings on the one MX, it cannot replace RingMaster as the preferred tool for managing multiple MXs, Mobility Domains or MX Clusters.
☛ Advantages of WebView:
❏ WebView provides a simple and easy to use interface for:
❍ Individual MX configuration.
❍ Individual MX management.
❍ Individual MX monitoring
❏ No additional SW or licenses required in order to enable and use the WebView interface.
❏ Supports the configuration of multiple service types:
MX Management with WebView3
WebView Summary
❍ Enterprise-grade WPA-2 service with 802.1X authentication against an external RADIUS server or local user database.
❍ Web Portal service with authentication against an external RADIUS server or local user database.
❍ Open access service.
❍ MAC authentication service for the control of access for devices.
❏ Maintenance Wizards for common tasks:
❍ Restart System—for restarting the MX.
❍ Manage Configurations—to manage MX configuration files, whether saved locally on the MX or stored on an external server.
❍ Update System Software—to update the MX to the latest MSS SW version.
❍ Update Certificates—to request or create the TLS certificates required by the system (EAP, Web, Admin).
❍ Manage Web Portal Access Page—used to customize the Web Portal login page seen by users when connecting to a Web Portal service.
☛ Limitations of WebView:
❏ It is a utility for the configuration and management of a single MX only.
❏ WebView does not support Mobility or Networks Domains or Clusters.
❏ A single RADIUS server group only is supported.
❏ WebView has limited monitoring capabilities and no reporting capabilities.
Note. RingMaster is the preferred management interface for multiple MXs with full support for Mobility and Network Domains, Clustering and extensive RF Planning, monitoring and reporting capabilities.
MX Management with WebView
4
Web QuickStart
Figure 3. Web QuickStart
Web QuickStart
☛ This chapter describes the Web QuickStart Wizard within WebView which must be run on first time access to all MXs except the MX-2800.
MX Management with WebView5
Web QuickStart
Figure 4. Web QuickStart Overview
Web QuickStart Overview
MX Management with WebView
6
Web QuickStart
Figure 5. MX Default Settins
MX Default Settings☛ The default settings for all MXs (except the MX-2800) allow a quick and easy
connection to WebView in order to run the Web QuickStart Wizard.
☛ The default MX configuration includes:
❏ System name—set to the MX model type with the last 3 Bytes of the MX system MAC address (the unique host-specific part).
❏ Default IP address—the default IP address set is 192.168.100.1 with a 24bit netmask (i.e. 255.255.255.0). No default gateway is specified.
❏ At least 1 Ethernet port on the VLAN—the Ethernet ports that are allocated to the default VLAN depend on the model of MX:
❍ MXR-2 and MX-8: all Ethernet ports are assigned to the default VLAN.
❍ MX-200: Ethernet port 3 only is assigned to the default VLAN (the ‘Management’ port).
❍ MX-216: Ethernet port 19 only is assigned to the default VLAN (the ‘Management’ port)
Note. the default VLAN has the VLAN name of ‘default’ with VLAN ID of ‘1’.
❏ DHCP server enabled—allocating addresses on the default interface (VLAN) subnet. The DHCP address pool is the full range of the address space available on the subnet with the .1 address used by the MX.
MX Management with WebView7
Web QuickStart
❏ HTTPS server enabled—to allow a secure browser session to be initialized against the MX.
☛ These settings allow a PC connected to a management port on the MX (or to the same Ethernet segment) to receive a dynamic IP configuration from the MX, initialize a secure Web Browser management session with the MX and manage it in WebView.
❏ In order to verify that the MX is reachable from the PC a command line ‘Ping’ utility is available. Check that the PC has received an IP address from the MX in the 192.168.100.0 subnet and ensure that the PC responds to a ping from the MX.
Note. default settings on the MX-2800 include only a system name and HTTPS server enabled. In order to use the WebView interface on an MX-2800 it is necessary to first configure and enable an IP interface.
MX Management with WebView
8
Web QuickStart
Figure 6. Computer IP Settings
Computer IP Settings☛ In order to connect to the MX from a Web Browser:
❏ Connect the PC to an IP-enabled MX management port (or to the same Ethernet segment) using a standard Cat 5 patch cable.
❏ Ensure that the PC is set to ‘Obtain an IP address automatically’.
❏ Verify that the PC receives an IP address on the 192.168.100.0/24 subnet.
❏ Check that the MX responds to a ping from the PC.
MX Management with WebView9
Web QuickStart
Figure 7. Connecting to QuickStart
Connecting to QuickStart☛ In order to connect to the MX from a Web Browser:
❏ Open a Web Browser and key in the IP address of the MX (192.168.100.1) in the address line.
❏ The Browser session will switch to an HTTPS connection and the Browser will report a certificate ‘problem’.
Note. at default settings the MX’s Web certificate is a self-signed X.509 certificate with the Common Name set to the model of the MX.
❏ In order to continue to the WebView interface it is necessary to manage the certificate issue:
❍ FireFox: select ‘Add Exception’, download the MX’s certificate and confirm the exception.
❍ Internet Explorer: select ‘Continue to the Website (not recommended)’.
MX Management with WebView
10
Web QuickStart
Figure 8. Web QuickStart Login
Web QuickStart Login☛ In order to connect to the MX from a Web Browser:
❏ Login to the WebView interface, the default admin user credentials are:
❍ Username: ‘admin’.
❍ Password: blank (i.e. there is no password).
MX Management with WebView11
Web QuickStart
Figure 9. Launching Web QuickStart
Launching Web QuickStart☛ To launch the Web QuickStart Wizard click on the ‘Start’ button and use the
‘Next’ and ‘Back’ buttons to navigate through the Wizard.
Note. it is not possible to access the remainder of the WebView interface until the Web QuickStart Wizard has been completed.
☛ Configure the following Web QuickStart settings:
❏ Whether or not to disable the WebView interface—set this parameter based on your choice of primary management utility for the MX going forward:
❍ For RingMaster management select ‘Yes’.
❍ For WebView management select ‘No’.
Note. if ‘Yes’ is selected only the following parameters may be set in the Web QuickStart Wizard: System Name, Country Code, IP Configuration, Admin Password, System Date and Time. These settings are sufficient to allow RingMaster to communicate with the MX and take it under management.
❏ MX Name—set an appropriate system name for the MX.
❏ Country Code—set the correct Country Code for the MX.
MX Management with WebView
12
Web QuickStart
Caution! the Country Code is an important parameter that controls what APs are available on the system, and what channels and transmit powers may be used on the radios. Set this value to the correct Regulatory Domain ! It is the operator of any wireless equipment that is responsible for ensuring that it is operated within the local regulations.
❏ IP Configuration—set an appropriate IP configuration for the MX’s default interface (VLAN ‘default’ with VLAN ID ‘1’). Specify the correct values for:
❍ MX IP address.
❍ Subnet mask specified by length in bits, e.g. for a Class C subnet specify ‘24’ bits (255.255.255.0).
❍ Subnet default router IP address.
❏ Admin Password—set an admin password. This password will be used for two purposes:
❍ The password for the Admin user (named ‘admin’).
❍ As the ‘Enable’ password for the MX.
MX Management with WebView13
Web QuickStart
Figure 10. Setting System Data and Time
Setting System Date and Time☛ Continue with the Web QuickStart Wizard and configure the following settings:
❏ System Date and Time—set the correct date and current time. Specify also the correct Timezone. Indicate whether to enable:
❍ Network Time Protocol (NTP): if this is enabled it is also necessary to specify the IP address of a NTP server.
Note. NTP is recommended to ensure time synchronisation of the MX with other network components.
❍ Daylight Savings Time: when enabled the MX will automatically adjust its clock forward and back to adjust for daylight savings time.
☛ A Daylight Savings Profile (if required)—if daylight savings time adjustments are enabled it is necessary to create a DST profile to control the date and time to adjust the system clock.
Note. a default DST profile is presented with the ‘standard’ start and end dates.
MX Management with WebView
14
Web QuickStart
Figure 11. Creating the Primary Service
Creating the Primary Service☛ Continue with the Web QuickStart Wizard and configure the following settings:
❏ The primary service authentication method—which authentication method is required for the primary service and whether to create a guest service. The primary service authentication methods available are:
❍ 802.1X.
❍ Web Portal.
❍ None.
❏ The SSID name—for the primary service. It is also possible to edit the Service name.
❏ Set a default VLAN tag value—select whether the default VLAN should be tagged and if so set the correct tag value.
❏ Select the security method to be used on the primary service—the options available are:
❍ RSN (WPA2).
❍ WPA.
❍ Dynamic WEP.
Note. both ‘Enterprise’ and ‘Consumer’ options are available for WPA/WPA-2 security.
MX Management with WebView15
Web QuickStart
❏ Configure the desired Cipher Suite for the primary service—the options available are:
❍ RSN AES (CCMP).
❍ RSN TKIP.
❍ RSN WEP 104.
❍ RSN WEP 40.
❍ WPA AES (CCMP).
❍ WPA TKIP.
❍ WPA WEP 104.
❍ WPA WEP 40.
Warning! WEP offers little protection to the primary service as WEP keys may be recovered in a matter of minutes using freely available cracker tools. TKIP is vulnerable to a keystream recovery attack that, if successfully executed, permits an attacker to transmit 7-15 packets of the attacker's choice on the network. To ensure robust security on a WLAN Trapeze Networks recommends the use of WPA2 security with 802.1X authentication and the AES Cipher.
MX Management with WebView
16
Web QuickStart
Figure 12. Defining AAA Settings
Defining AAA Settings☛ Continue with the Web QuickStart Wizard and configure the following settings:
❏ The authentication target—the options available are:
❍ Local user database.
❍ Remote RADIUS server.
❏ Local users or RADIUS server details—specify the external RADIUS server settings (IP address, Shared Key) or create users in the local user database as necessary.
MX Management with WebView17
Web QuickStart
Figure 13. Adding Access Points
Adding Access Points☛ Continue with the Web QuickStart Wizard and configure the following settings:
❏ Indicate whether or not to configure APs.
❏ Create and configure the required APs—both ‘Direct Connect’ and ‘Distributed’ AP types are supported. Create an AP and configure:
❍ AP Name.
❍ AP Model.
❍ Radio modes for both the 2.4GHz and 5GHz radios (Enable, Sentry, Disable).
❍ The connection ‘mode’ (‘Directly connected’ or ‘Distributed’).
❍ The Port (direct connect APs).
❍ The AP serial number (distributed APs).
MX Management with WebView
18
Web QuickStart
Figure 14. Completing the Wizard
Completing the Wizard☛ Click ‘Finish’ to complete the Web QuickStart Wizard and apply the settings that
have been made.
Note. if the MX IP configuration has been changed during the Web QuickStart Wizard it will not be possible to connect to the WebView interface until the PC has been provided a valid IP configuration on either the same subnet or a subnet with a valid route to the MX’s subnet.
MX Management with WebView19
Web QuickStart
Figure 15. Re-connecting to WebView
Re-connecting to WebView☛ If necessary re-configure the PC’s Ethernet interface with a static IP address that
will allow it to communicate with the MX.
❏ Check that the MX responds to a ping from the PC.
MX Management with WebView
20
Web QuickStart
Figure 16. The WebView Monitor Interface
The WebView Monitor Interface☛ To re-connect to the WebView from a Web Browser:
❏ Add a security exception or ‘Continue to the Website’ as required by the Browser.
Note. as the MX’s hostname was changed the admin certificate is also changed.
❏ Login using the credentials:
❍ Username: ‘admin’.
❍ Password: as configured in the Web QuickStart Wizard.
☛ The WebView ‘Home page’ is the ‘Status | Summary’ page of the ‘Monitor’ section.
MX Management with WebView21
Web QuickStart
Figure 17. The Web QuickStart Configuration
The Web QuickStart Configuration☛ The resulting Web QuickStart configuration on the MX has the following settings:
❏ All MX Ethernet ports are now members of the VLAN ‘default’ (except for any ports configured as ‘direct connect’ AP ports).
Note. MX Ethernet ports may be configured either as an ‘AP’ port or a ‘network’ port. An AP port cannot be a member of any statically defined VLAN on the MX, VLANs will be assigned to the port dynamically as users connect. VLANs are mapped depending on either the service a user connects to, or as the VLAN specified by the RADIUS server during authorization (identity-based networking).
❏ The IP configuration is as set in the Wizard.
❏ The DHCP server is disabled on the VLAN.
❏ RADIUS servers, services and users are created as specified in the Wizard.
☛ To review the status of the configured APs at the CLI use the command:
#show ap status [verbose]
☛ To re-enable the DHCP server on the MX at the CLI use the command:
#set interface 1 ip dhcp-server enable [start <IP address>] [stop <IP address>]
Note. distributed APs require a valid IP address before they can discover the MX with their configuration and put themselves into service. Do not enable DHCP on the MX if there is already a DHCP server on the subnet.
MX Management with WebView
22
Web QuickStart
Figure 18. Client Connection Attempt
Client Connection Attempt☛ Once the APs are operating the primary service SSID will be visible to any
wireless client device in range. Configure the device as required for access to the service, e.g.
Note. the example discussed here is a connection to an 802.1X service from a Windows XP client device running the Windows ‘Zero Configuration Client’.
❏ View the available networks and double-click on the correct SSID.
❏ Wait for the connection attempt to fail.
Note. the connection attempt will fail as the client device is not yet correctly configured. Trying and failing in this way achieves two things; 1/ it adds the SSID to the ‘Preferred Networks’ list 2/ it automatically detects what cryptography is required on the SSID.
❏ To configure the client connection:
❍ Click on ‘Change the order of preferred networks’.
❍ Select the correct SSID and click on ‘Properties’.
MX Management with WebView23
Web QuickStart
Figure 19. Client Connection Configuration
Client Connection Configuration☛ Review and accept the ‘Association’ cryptography settings auto-detected by
Windows.
☛ On the ‘Authentication’ tab select the appropriate EAP type click on ‘Properties’ and configure:
❏ Server certificate validation—disable this to begin with add it back later if required.
Note. the correct Certificate Authority Root certificate is required on the client device in order to enable this option.
❏ Automatic Login—disable this to begin with add it back later if required.
Note. the external RADIUS server credentials must match the local client credentials in order for this option to be used. Typically Microsoft Active Directory is used for automatic logins.
☛ Click on ‘OK’ to exit the wireless configuration dialog.
MX Management with WebView
24
Web QuickStart
Figure 20. Client Connection
Client Connection☛ If necessary refresh the wireless networks list, then click in the ‘Wireless Network
Connection’ bubble and provide:
❏ A valid username.
❏ The correct password for the user.
❏ The correct Logon domain (if used).
☛ The status of the wireless connection should proceed through:
1 Validating identity.
2 Attempting to authenticate.
3 Acquiring network address.
4 Connected.
MX Management with WebView25
Web QuickStart
Figure 21. The WebView Interface
The WebView Interface☛ The WebView interface showing a single connected client on the AP.
MX Management with WebView
26
Lab 1: Web QuickStart
Figure 22. Lab 1: Web QuickStart
Lab 1: Web QuickStart
MX Management with WebView27
Lab 1: Web QuickStart
Figure 23. Lab 1: Web QuickStart
Lab 1: Web QuickStart
MX Management with WebView
28
Lab 1: Web QuickStart
Figure 24. Lab 1: Web QuickStart
Lab 1: Web QuickStart
MX Management with WebView29
Lab 1: Web QuickStart
Figure 25. Lab 1: Web QuickStart
Lab 1: Web QuickStart
MX Management with WebView
30
Lab 1: Web QuickStart
Figure 26. Lab 1: Web QuickStart
Lab 1: Web QuickStart
MX Management with WebView31
Lab 1: Web QuickStart
Figure 27. Lab 1: Web QuickStart
Lab 1: Web QuickStart
MX Management with WebView
32
Lab 1: Web QuickStart
Figure 28. Lab 1: Web QuickStart
Lab 1: Web QuickStart
MX Management with WebView33
WebView Management
Figure 29. WebView Management
WebView Management
☛ WebView can be used for the management of an individual MX.
Note. WebView is a simple management interface for a single MX, not all Smart Mobile System features can be configured via WebView, e.g. Mobility Domains, Network Domains, Clustering.
MX Management with WebView
34
WebView Management
Figure 30. WebView Management—Topics
WebView Management—Topics
MX Management with WebView35
WebView Management
Figure 31. The WebView Interface
The WebView Interface☛ Summary information is displayed on the top right hand side of the Browser
page:
❏ System Name.
❏ Model.
❏ Version.
☛ There are three main sections of the interface:
❏ Configure.
❏ Monitor.
❏ Maintain.
☛ In each of the main sections a side bar navigation menu on the left hand side gives access to the available options and settings.
☛ When configuring settings navigation buttons may become available, e.g. ‘Back’, ‘Next’, ‘Finish’, ‘Apply’, ‘Cancel’.
☛ A ‘Logout’ and ‘Save Config’ button are available at top right.
☛ Access to help for the interface or for a specific setting is available. Help pages are Web pages loaded in the
MX Management with WebView
36
WebView Management
Figure 32. MX General Settings
MX General Settings☛ Review or set basic system Information on the ‘Configure | System | General’
pages.
Note. use the ‘Apply’ button to save changes to the MX.
❏ Information settings:
❍ System name (required)—specify a hostname for the MX.
❍ Country Code (required)—set the correct Country Code for the MX.
Caution! the Country Code is an important parameter that controls what APs are available on the system, and what channels and transmit powers may be used on the radios. Set this value to the correct Regulatory Domain ! It is the operator of any wireless equipment that is responsible for ensuring that it is operated within the local regulations.
❍ DFS restriction (optional)—restrict 5GHz radios to the UNII 1 channels only (channel 36 to channel 64).
❍ Location (optional)—text string indicating where the MX is installed.
❍ Contact (optional)—text string indicating who is responsible for managing the MX.
❏ System Time:
❍ System date—set the current date on the MX.
MX Management with WebView37
WebView Management
❍ System time—set the current time on the MX.
❍ Enable NTP—indicate whether to use Network Time Protocol (NTP) for synchronizing system date and time with an external NTP server.
❍ NTP Servers—configure up to 3 NTP servers (optional).
❍ System timezone—specify the correct timezone the MX is installed in indicating the right offset from Universal Time (UT aka GMT).
❍ Enable DST—indicate whether to enable Daylight Saving Time (DST) to automatically correct the system clock forward and backwards in the Spring and Autumn.
❍ Daylight Savings profile—configure an appropriate DST profile to indicate when the system clock is to be changed to and from DST.
MX Management with WebView
38
WebView Management
Figure 33. MX IP Services
MX IP Services☛ Review or set IP service Information on the ‘Configure | System | IP Services’
pages.
❏ IP Settings:
❍ Select the IP interface (VLAN) to be used as the System interface (from the configure interfaces).
❍ Specify the default router IP address.
❏ DNS Settings:
❍ Enable the DNS service.
❍ Set the default DNS domain
❍ Specify a primary and (optionally) secondary DNS server IP addresses.
MX Management with WebView39
WebView Management
Figure 34. MX Port Configuration and VLANs
MX Port Configuration and VLANs☛ Review or set Port configurations on the ‘Configure | System | Ports’ page.
Port configurations include:
❏ Port name—optional name for the port.
❏ Port status—enabled or disabled.
❏ PoE status—enabled or disabled.
❏ Link Speed—’auto’ (to auto-detect the Ethernet link speed), 10Mbps or 100Mbps (1000Mbps on ports that support this speed).
❏ Link Mode—full or half duplex.
☛ Review or set VLAN configurations on the ‘Configure | VLANs’ page. VLAN configuration settings include:
❏ VLAN tab:
❍ VLAN ID—the ID for the VLAN.
❍ VLAN name—a logical name for the VLAN.
❍ Spanning tree enabled—whether to enable the Spanning Tree Protocol (STP) on the VLAN.
❍ IGMP enabled—whether to allow Internet Group Messaging Protocol snooping on the VLAN.
MX Management with WebView
40
WebView Management
❏ Ports tab:
❍ Add or remove ports to the VLAN.
❍ Indicate whether they are to be tagged.
❍ Set a tag value.
❏ IP tab:
❍ Interface status—whether or not the IP interface on the VLAN is enabled.
❍ DHCP Client—whther or not the MX is to receive a dynamic IP configuration from a DHCP server on the VLAN.
❍ IP address—the MX’s IP address on the VLAN.
❍ Netmask—the length of the subnet mask in bits.
Note. an IP address for the MX is not required on each VLAN defined on the MX. An IP configuration is only required on a VLAN if the MX is to be managed on the VLAN or if Web Portal users are to be supported on the VLAN.
❏ DHCP Server tab:
❍ DHCP Server status—enabled or disabled.
❍ DHCP starting address—the first address of the DHCP scope on the VLAN.
❍ DHCP ending address—the last address of the DHCP scope on the VLAN.
Note. if a DHCP server is already available on the VLAN/subnet there is no need to enable DHCP on the MX.
MX Management with WebView41
WebView Management
Figure 35. MX Security Settings
MX Security Settings☛ Review or set MX security configurations on the ‘Configure | System |
Security’ page. The available security settings are:
❏ Set and confirm the ‘Admin’ password—this password is used for both the admin user and as the enable password.
❏ Enable Telnet—whether or not to enable the Telnet service on the MX.
❏ Enable SSH—whether or not to enable the SSH service on the MX.
❏ Require console login—force admin users to login to the console.
Note. Telnet is the only insecure management interface on an MX and it is disabled by default.
MX Management with WebView
42
WebView Management
Figure 36. Wireless Service Settings
Wireless Service Settings☛ Review or create wireless services (SSIDs) on the MX from the ‘Configure |
wireless | Services’ page.
☛ The types of service that may be created are:
❏ 802.1X—WPA or WPA2 Enterprise authentication against an external RADIUS server or the local user database.
❏ Web—captive portal authentication for user accounts on an external RADIUS server or the local user database.
❏ Open Access—no authentication.
❏ MAC Authentication—authentication using the Wireless Network Interface Card (NIC) hardware address against an external RADIUS server or the local user database.
☛ The encryption options available for each service type are:
❏ AES—with keys negotiated during authentication or with a Pre-Shared Key (PSK).
❏ TKIP—with keys negotiated during authentication or with PSK.
❏ WEP—with dynamic or statically defined keys.
MX Management with WebView43
WebView Management
Figure 37. Access Point Configuration
Access Point Configuration☛ Review or create Access Points (APs) on the MX from the ‘Configure | wireless
| Access Points’ page. Two types of AP may be created:
❏ Direct Connect AP—an AP physically directly connected to a PoE port on the MX configured as an ‘AP port’. The port must be configured to expect a specific model of AP.
❏ Distributed AP—an AP connected on a network segment reachable by the MX with an independent PoE supply. The AP configuration on the MX MUST include the AP’s serial number as well as the AP model.
Note. an AP may also be physically directly connected to an MX ‘network port’ with PoE enabled and managed as a distributed AP.
☛ Having created the APs the 2.4GHz and 5GHz radios may be configured for:
❏ Radio Mode—enabled, disabled or listening for Rogue devices in ‘Sentry’ mode.
❏ Antenna Type and Location—internal or external, indoor or outdoor.
❏ Operating Channel—select from the channels available for the MX’s country code.
❏ Transmit Power—the available power values vary depending on the MX’s country code and the channel selected for the radio.
MX Management with WebView
44
WebView Management
Figure 38. Access Point Configuration
Access Point Configuration☛ Review or configure global AP settings on the MX from the ‘Configure |
wireless | Access Points’ page.
☛ On the ‘Settings’ tab you may configure:
❏ Auto-tune—Channel (enabled by default) and Power (disabled by default).
❏ Global Load-balancing—enabled by default.
❏ 802.11n settings—modes, channel widths and guard intervals (only applicable to 802.11n capable APs).
☛ On the ‘Auto-configure’ tab:
❏ Enable AP auto-configuration.
❏ Set the 802.11n modes for auto-configured APs
Note. AP auto-configuration allows the MX to put ANY distributed AP into service regardless of its model or serial number, up to the AP capacity of the MX.
MX Management with WebView45
WebView Management
Figure 39. RF Detect Lists
RF Detect Lists☛ Create or review RF Detect lists on the MX from the ‘Configure | wireless | RF
Detect’ page. Three lists are available:
☛ Neighbor List:
❏ Add the BSSID (MAC address) of the APs of your neighbors, to prevent them from being attacked as Rogues when RF Countermeasures are enabled.
☛ Rogue List:
❏ Add the BSSID (MAC address) of the APs that you have confirmed are ‘Rogues’, this will ensure that they are attacked when RF Countermeasures are enabled.
☛ SSID List:
❏ Add a list of known SSIDs that are active within range of the APs. This prevents the system from treating APs advertising these SSIDs as suspect devices and generating alarms.
MX Management with WebView
46
WebView Management
Figure 40. Users, Devices and RADIUS
Users, Devices and RADIUS☛ Create or review Users, Devices and RADIUS Servers on the MX from the
‘Configure | Authentication’ pages.
☛ The ‘Users’ page:
❏ Create or manage users and user groups in the MX’s local user database.
☛ The ‘Devices’ page:
❏ Create or manage devices and device groups in the MX’s local user database.
☛ The ‘RADIUS’ page:
❏ Add or manage an external RADIUS server used for authenticating wireless users.
MX Management with WebView47
WebView Monitoring
Figure 41. WebView Monitoring
WebView Monitoring
☛ WebView has the capability for the limited monitoring of an individual MX.
MX Management with WebView
48
WebView Monitoring
Figure 42. WebView Monitoring—Topics
WebView Monitoring—Topics
MX Management with WebView49
WebView Monitoring
Figure 43. Status Monitoring
Status Monitoring☛ To see an overview of the MX status go to the ‘Summary’ tab on the ‘Monitor |
System | Status’ page. This page gives an overview of:
❏ CPU and Memory status.
❏ Packet and Data Rates.
❏ AP and Client summaries.
❏ Uptime.
❏ Fan, Power and Port status.
MX Management with WebView
50
WebView Monitoring
Figure 44. Status Monitoring
Status Monitoring☛ To see charts of current MX performance status go to the ‘Performance’ tab on
the ‘Monitor | System | Status’ page. This page displays charts of:
❏ MX CPU Load (%).
❏ MX Memory Utilization (Mb).
MX Management with WebView51
WebView Monitoring
Figure 45. Status Monitoring
Status Monitoring☛ To see charts of current MX data rates go to the ‘Data Rate’ tab on the ‘Monitor
| System | Status’ page. This page displays charts of:
❏ MX Data Rate (Bytes / Second).
❏ MX Packet Rate (Packets / Second).
MX Management with WebView
52
WebView Monitoring
Figure 46. The MX Log
The MX Log☛ To see the MX Log go to the ‘Monitor | System | Log’ page.
❏ Page Navigation controls are available at the top of the page allowing you to step through the Log pages sequentially (forwards or backwards), or jump to the first, last or a specified page.
❏ The number of Log entries per page can be set to: 10, 20, 50, 100.
❏ The Log may be filtered:
❍ By Severity Level: Emergency, Alert, Critical, Error, Warning, Notice, Info, Debug.
❍ By a text string.
❍ By ‘Client Failures’.
Note. the ‘Client Failures’ option is useful for troubleshooting client connectivity problems.
MX Management with WebView53
WebView Monitoring
Figure 47. AP Status
AP Status☛ To view AP status go to the ‘Monitor | Wireless | Access Points’ page. The List
of the configured APs is shown with:
❏ Page Navigation controls at the top of the page allowing you to step through the AP list pages sequentially (forwards or backwards), or jump to the first, last or a specified page.
❏ The number of AP entries per page can be set to: 10, 20, 50, 100.
❏ AP summary information including:
❍ AP Number, Name and Model.
❍ 2.4GHz Radio summary: Clients, Mode (.11b/g/n), Channel, Power (dBm).
❍ 5GHz Radio summary: Clients, Channel, Power (dBm).
❍ AP Status.
☛ Expand the details for an individual AP to view:
❏ The AP’s Serial Number.
❏ The AP’s Fingerprint.
❏ MAC Address for Ethernet port 1.
❏ MAC Address for Ethernet port 2.
❏ The AP’s serial number (distributed APs) or port (direct connect APs).
MX Management with WebView
54
WebView Monitoring
Figure 48. Client Status and Link Test
Client Status and Link Test☛ To view Client status go to the ‘Monitor | Wireless | Clients’ page. The List of
the authenticated Clients is shown with:
❏ Page Navigation controls at the top of the page allowing you to step through the Client list pages sequentially (forwards or backwards), or jump to the first, last or a specified page.
❏ The number of Client entries per page can be set to: 10, 20, 50, 100.
❏ Client summary information including:
❍ Client Name, IP Address and MAC Address.
❍ The AP connected to, the operating channel and signal strength.
☛ A RF-Link test utility is available for individual Clients, click on the icon to initiate the test and to view:
❏ The number of packets sent and received.
❏ The Received Signal Strength Indication (RSSI).
❏ The Signal to Noise ratio.
❏ The Round Trip Time for individual pings.
Note. the RF-Link test is a Layer 2 (OSI Data Link Layer) ping from the AP to the Client device.
MX Management with WebView55
WebView Monitoring
Figure 49. The RF Neighbor List
The RF Neighbor List☛ To view active devices in the RF Neighborhood go to the ‘Monitor | Wireless |
RF Neighborhood’ page. The List of the active devices detected is shown with:
❏ Summary information for each entry:
❍ SSID—the ESSID advertised by the device.
❍ BSSID—the advertised device MAC address.
❍ Class—the system classification of the device (Suspect or Rogue).
❍ Band—the RF Band and technology of the device (11b, 11g, 11ng, 11a, 11na).
❍ Channel—the channel that the device is active.
❍ Listener—the MAC address of the Trapeze AP that ‘saw’ the device.
❍ Signal Strength—the RSSI that the signal from the device was seen at.
☛ RF Neighbor Management
❏ The detected neighbor devices may be selected and added to one of the available RF Detect lists:
❍ Neighbor List: Add the BSSID (MAC address) of the APs of your neighbors, to prevent them from being attacked as Rogues when RF Countermeasures are enabled.
❍ Rogue List: Add the BSSID (MAC address) of the APs that you have confirmed are ‘Rogues’, this will ensure that they are attacked when RF Countermeasures are enabled.
MX Management with WebView
56
WebView Monitoring
❍ Neighbor SSID List: Add a list of known SSIDs that are active within range of the APs. This prevents the system from treating APs advertising these SSIDs as suspect devices and generating alarms.
MX Management with WebView57
WebView Maintenance
Figure 50. WebView Maintenance
WebView Maintenance
☛ Wizards are provided to simplify certain maintenance tasks within WebView.
MX Management with WebView
58
WebView Maintenance
Figure 51. WebView Maintenance—Topics
WebView Maintenance—Topics
MX Management with WebView59
WebView Maintenance
Figure 52. The ‘Restart System’ Wizard
The ‘Restart System’ Wizard☛ To restart the system immediately go to the ‘Maintain | Wizards | Restart
System’ page and click on ‘Start’.
❏ The Wizard will ask you to select which Boot Partition to restart from and display the filename for the firmware files available in each partition.
❏ The system displays a confirmation request prior to restarting the MX.
MX Management with WebView
60
WebView Maintenance
Figure 53. The ‘Manage Configurations’ Wizard
The ‘Manage Configurations’ Wizard☛ To manage configuration files on the system go to the ‘Maintain | Wizards |
Manage Configurations’ page and click on ‘Start’.
☛ The available Management options are:
❏ Save the current configuration—to save the current MX configuration to the MX’s file store with the name specified. A link is provided to allow the configuration to also be saved on the PC’s file system.
❏ Restore a locally saved configuration—select a configuration file that was previously saved to the MX file store to be restored to the MX.
❏ Restore a remotely saved configuration—select a configuration file that was previously saved remotely to be restored to the MX. The file to be loaded must be available from the PC’s file system (local disk or network share).
Caution! when restoring a configuration file all current settings on the MX will be replaced by the settings specified in the stored file.
❏ Manage locally saved configurations—delete or download a configuration file from the MX.
Warning! if the default configuration file (named ‘configuration’) is deleted, the MX will re-boot to factory default settings on the next system restart.
MX Management with WebView61
WebView Maintenance
Figure 54. The ‘Update System Software’ Wizard
The ‘Update System Software’ Wizard☛ To update the Software version running on the system go to the ‘Maintain |
Wizards | Update System Software’ page and click on ‘Start’.
❏ Browse for and select the correct image file for the model of MX. The file naming convention for Trapeze Networks SW images is as follows:
❍ .002 extension—image file for an MXR-2.
❍ .008 extension—image file for an MX-8.
❍ .020 extension—image file for an MX-20.
❍ .200 extension—image file for an MX-200.
❍ .216 extension—image file for an MX-216.
❍ .04C extension—image file for an MX-400.
❍ .280 extension—image file for an MX-2800.
Note. the MX will not permit an invalid file to be copied to the inactive boot partition.
❏ Once the file has been transferred to the MX’s inactive Boot Partition you have the choice whether to restart the MX immediately.
❍ Restarting immediately will load the new version of SW.
❍ If the restart is deferred, the new SW version will be loaded on the next system restart.
MX Management with WebView
62
WebView Maintenance
Figure 55. The ‘Update Certificates’ Wizard
The ‘Update Certificates’ Wizard☛ To update any of the 3 X.509 certificates on the MX go to the ‘Maintain |
Wizards | Update Certificates’ page and click on ‘Start’.
☛ The Certificates available on the MX are:
❏ Admin—for initializing secure TLS management connections to the MX, e.g. from RingMaster.
❏ EAP—for initializing secure TLS-based EAP authentications in offload mode, e.g. PEAP-MSCHAPv2.
❏ Web—for initializing secure TLS browser sessions with the MX either for management (i.e. WebView) or for Web Portal authentications.
☛ There are 4 methods for updating the certificates:
❏ Generate a ‘Certificate Signing Request’ (CSR)—create a CSR that can be saved to the PC filing system and delivered to an appropriate Certificate Authority for signing. The following fields are available:
❍ Country name.
❍ State name.
❍ Locality name.
❍ Organization name.
❍ Organizational unit.
MX Management with WebView63
WebView Maintenance
❍ Common name (required).
❍ Email address.
❍ Unstructured name.
❏ Generate new Keys and a new Self-signed Certificate—create a new Public/Private key pair and configure a new self-signed certificate. The same fields are available as when creating a CSR.
Note. the ‘Unstructured Name’ field does not support the space character.
❏ Install a Certificate File—upload a Certificate File provided by a Certificate Authority. It is necessary to provide the password for the Private Key.
❏ Install a Signed Certificate—paste Device and CA Root Certificates into the WebView interface for them to be installed onto the MX.
MX Management with WebView
64
WebView Maintenance
Figure 56. The ‘Manage Web Portal Access Page’ Wizard
The ‘Manage Web Portal Access Page’ Wizard☛ To customize the Web Portal login page on the MX go to the ‘Maintain | Wizards
| Manage Web Portal Access Page’ page and click on ‘Start’.
❏ Specify whether the page is to be an ‘Authenticated web portal page’ (i.e. user logins are required) or simply an ‘Open web portal page’ (i.e. no login is required, it is a simple ‘splash’ page displayed on connection to the service).
❏ Edit the page title, welcome text and warning text as required.
❏ Browse for and select an image file to display as a logo at the top centre of the custom page.
❏ Preview the page to review the look and feel. If the page is incorrect simply run through the wizard again to correct it.
MX Management with WebView65
WebView Maintenance
Figure 57. Customer Support Details
Customer Support Details☛ To view contact details for Trapeze Networks Customer Support go to the
‘Maintain | Support | Customer Support’ page.
MX Management with WebView
66
Common WebView Tasks
Figure 58. Common WebView Tasks
Common WebView Tasks
☛ Some common WebView management tasks are described in detail.
MX Management with WebView67
Common WebView Tasks
Figure 59. Common WebView Tasks—Topics
Common WebView Tasks—Topics
MX Management with WebView
68
Common WebView Tasks
Figure 60. Adding an AP: Direct Connect
Adding an AP: Direct Connect☛ To add a direct connect AP to the MX configuration go to the ‘Configure |
Wireless | Access Points’ page and click on ‘Add New AP’.
☛ Specify AP name, model and connection method and click ‘Next’.
❏ Name the AP.
❏ Select the appropriate AP model.
❏ Specify ‘Directly corrected’ as the connection method.
❏ Select a port on the MX for the AP to be connected to.
☛ Configure the 2.4GHz radio and click ‘Next’.
❏ Specify the desired technology: 11ng, 11g, 11b.
❏ Set the radio mode: Enable, Sentry, Disable.
❏ Specify the antenna type: Internal, select an available antenna model.
❏ Specify the antenna location: Indoor, Outdoor.
❏ Set the desired channel.
❏ Set the required Transmit Power.
MX Management with WebView69
Common WebView Tasks
☛ Configure the 5GHz radio and click ‘Finish’.
❏ Specify the desired technology: 11na, 11a.
❏ Set the radio mode: Enable, Sentry, Disable.
❏ Specify the antenna type: Internal, select an available antenna model.
❏ Specify the antenna location: Indoor, Outdoor.
❏ Set the desired channel.
❏ Set the required Transmit Power.
MX Management with WebView
70
Common WebView Tasks
Figure 61. Adding an AP: Distributed
Adding an AP: Distributed☛ To add a direct connect AP to the MX configuration go to the ‘Configure |
Wireless | Access Points’ page and click on ‘Add New AP’.
☛ Specify AP name, model and connection method and click ‘Next’.
❏ Name the AP.
❏ Select the appropriate AP model.
❏ Specify ‘Distributed’ as the connection method.
❏ Specify the serial number of the AP.
❏ Optionally specify the ‘Fingerprint’ value for the AP.
Note. both the AP serial number and Fingerprint can be found on the label on the back of the AP. The Fingerprint is used to initialize a TLS connection to the AP for secure management of the AP.
☛ Configure the 2.4GHz and 5GHz radios and click ‘Finish’.
Note. the Radio settings are exactly the same as for a Direct Connect AP described above.
MX Management with WebView71
Common WebView Tasks
Figure 62. Creating a VLAN
Creating a VLAN☛ To create a VLAN on the MX go to the ‘Configure | System | VLANs’ page and
click on ‘Create VLAN’.
❏ Specify the VLAN name.
❏ Specify the VLAN ID.
Note. when using ‘Identity-based Networking’ to assign users to a VLAN from a AAA server, users are assigned to the VLAN by VLAN name. The name of the VLAN set on the MX must match the VLAN name returned by the RADIUS server in the Access Accept message. VLAN names are case sensitive.
MX Management with WebView
72
Common WebView Tasks
Figure 63. Configuring a VLAN
Configuring a VLAN☛ To configure a VLAN on the MX go to the ‘Configure | System | VLANs’ page
and click on the settings icon beside the VLAN to be configured.
☛ VLAN Tab
❏ View the VLAN ID, edit the VLAN name, enable or disable STP and/or IGMP.
☛ Ports Tab
❏ Add MX ports to the VLAN and specify whether they are tagged or untagged. For tagged VLANs set the VLAN tag value.
Note. the VLAN tag value configure on the MX must match the tag value defined in the infrastructure switch port that the MX connects to.
☛ IP Tab
❏ Specify whether an IP interface is to be enabled on this VLAN and if necessary set the IP address and netmask length (bits). The option to use DHCP to assign an address to the MX on the VLAN is also available.
Note. the MX does not require an IP address on every VLAN that is defined on it, it can switch user traffic to the VLAN at Layer 2. the only VLANs that require an IP address are: the MX management VLAN, any VLAN to be used for a Web Portal service.
MX Management with WebView73
Common WebView Tasks
☛ DHCP Server Tab
❏ Specify whether a DHCP server is to be enabled on this VLAN and if necessary configure address pool start and stop addresses.
Note. the DHCP server can only be enabled on a VLAN if the IP interface on that VLAN is enabled.
☛ Click on the ‘Apply’ or ‘OK’ buttons to save configuration settings to the MX.
MX Management with WebView
74
Common WebView Tasks
Figure 64. Managing Users
Managing Users☛ To create a new User Group on the MX go to the ‘Configure | Authentication |
Users’ page, select the ‘Groups’ tab and click on ‘Create New Group’.
❏ Name the group and specify a VLAN for the group members (if necessary), click on ‘Finish’.
☛ To create a new User on the MX go to the ‘Configure | Authentication | Users’ page, select the ‘Users’ tab and click on ‘Create New User’.
❏ Name the user (required).
❏ Specify a group for the user (optional).
❏ Specify a VLAN for the user (optional).
❏ Specify a permitted SSID for the user (optional).
❏ Set and confirm a password for the user (required).
❏ Click on ‘Finish’ to create the user in the local user database.
MX Management with WebView75
Common WebView Tasks
Figure 65. Managing Devices
Managing Devices☛ To create a new Device Group on the MX go to the ‘Configure | Authentication
| Devices’ page, select the ‘Device Groups’ tab and click on ‘Create New Group’.
❏ Name the group and specify a VLAN for the group members (if necessary), click on ‘Finish’.
☛ To create a new Device on the MX go to the ‘Configure | Authentication | Devices’ page, select the ‘Device Users’ tab and click on ‘Create New Device’.
❏ Specify the MAC address for the device (required).
❏ Specify a group for the user (optional).
❏ Specify a VLAN for the user (optional).
❏ Click on ‘Finish’ to create the device in the local user database.
Note. the wildcard character ‘*’ may be used when defining a MAC address, e.g. to specify all MAC addresses from a specific vendor OUI.
MX Management with WebView
76
Common WebView Tasks
Figure 66. Adding a RADIUS Server
Adding a RADIUS Server☛ To create a new RADIUS Server on the MX go to the ‘Configure |
Authentication | RADIUS’ page and click on ‘Add RADIUS Server’.
❏ Name the server (required).
❏ Specify the IP address that the server can be reached on (required).
❏ Specify the port to be used for authentications (required, defaults to 1812).
❏ Specify and confirm the Shared Secret for the RADIUS server.
❏ Click on ‘Finish’ to create the RADIUS server.
Note. the RADIUS server must be available for authentications on the IP address and port specified and with the specified shared secret. A RADIUS ‘ping’ utility is available at the MX command line interface for testing connections to RADIUS servers.
MX Management with WebView77
Common WebView Tasks
Figure 67. Adding a Service: 802.1X
Adding a Service: 802.1X☛ To create a new 802.1X service on the MX go to the ‘Configure | Wireless |
Services’ page and click on ‘Create New Service’.
❏ Name the Service Profile (required).
❏ Specify a suitable SSID (required).
❏ Select the authentication type ‘User authentication (802.1X)’ (required).
❏ Specify a VLAN of last resort for the service (optional).
Note. users will be placed onto the VLAN of last resort only if the AAA server does not return a VLAN name for them on authentication.
❏ Specify where to authenticate the users (required), the options are:
❍ Local—for the local user database on the MX.
❍ RADIUS—for an external RADIUS server.
Note. although multiple RADIUS servers may be created on the MX, in WebView they are all members of the same RADIUS server group. Authentication on a service are targeted against the RADIUS server group.
❏ Select what 802.1X protocol to use on the service (required), the options are:
❍ Local EAP-TLS—for EAP-TLS in offload mode.
MX Management with WebView
78
Common WebView Tasks
❍ PEAP/MSCHAP-V2—for PEAP/MSCHAP-v2 in offload mode.
❍ External RADIUS—for any standards-based EAP type in passthrough mode.
Note. in passthrough mode the RADIUS server must support the desired EAP type.
❏ Click on ‘Next’ to configure the security method for the service, the options are:
❍ RSN (WPA2) (recommended).
❍ WPA.
❍ Dynamic WEP.
❏ Click on ‘Next’ to specify encryption types for the service, the options are:
❍ RSN AES (CCMP) (recommended).
❍ RSN TKIP.
❍ RSN WEP 104.
❍ RSN WEP 40.
❍ WPA AES (CCMP).
❍ WPA TKIP.
❍ WPA WEP 104.
❍ WPA WEP 40.
Warning! WEP offers little protection to the primary service as WEP keys may be recovered in a matter of minutes using freely available cracker tools. TKIP is vulnerable to a keystream recovery attack that, if successfully executed, permits an attacker to transmit 7-15 packets of the attacker's choice on the network. To ensure robust security on a WLAN Trapeze Networks recommends the use of WPA2 security with 802.1X authentication and the AES Cipher.
❏ Click on ‘Finish’ to create the service.
MX Management with WebView79
Common WebView Tasks
Figure 68. Adding Services: Web Portal
Adding a Service: Web Portal☛ To create a new Web Portal service on the MX go to the ‘Configure | Wireless |
Services’ page and click on ‘Create New Service’.
❏ Name the Service Profile (required).
❏ Specify a suitable SSID (required).
❏ Select the authentication type ‘User authentication (Web)’ (required).
❏ Indicate whether encryption is required on the service or not.
Note. in most cases Web Portal services are defined without any encryption. If encryption is enabled crypto keys must be statically defined, e.g. using WEP or WPA/WPA2 with the ‘pre-shared key’ option (PSK).
❏ Specify a VLAN for the service (required).
Note. the VLAN must have an active IP interface.
❏ Specify where to authenticate the users (required), the options are:
❍ Local—for the local user database on the MX.
❍ RADIUS—for an external RADIUS server.
MX Management with WebView
80
Common WebView Tasks
Note. although multiple RADIUS servers may be created on the MX, in WebView they are all members of the same RADIUS server group. Authentication on a service are targeted against the RADIUS server group.
❏ If necessary click on ‘Next’ to configure the security method and encryption types.
❏ Click on ‘Finish’ to create the service.
MX Management with WebView81
Common WebView Tasks
Figure 69. Adding Services: Open Access
Adding a Service: Open Access☛ To create a new Open Access service on the MX go to the ‘Configure | Wireless
| Services’ page and click on ‘Create New Service’.
❏ Name the Service Profile (required).
❏ Specify a suitable SSID (required).
❏ Select the authentication type ‘None’ (required).
❏ Indicate whether encryption is required on the service or not.
Note. in most cases open access services are defined without any encryption. If encryption is enabled crypto keys must be statically defined, e.g. using WEP or WPA/WPA2 with the ‘pre-shared key’ option (PSK).
❏ Specify a VLAN for the service (required).
❏ If necessary click on ‘Next’ to configure the security method and encryption types.
❏ Click on ‘Finish’ to create the service.
MX Management with WebView
82
Common WebView Tasks
Figure 70. Adding Services: MAC Authentication
Adding a Service: MAC Authentication☛ To create a new MAC Authentication service on the MX go to the ‘Configure |
Wireless | Services’ page and click on ‘Create New Service’.
❏ Name the Service Profile (required).
❏ Specify a suitable SSID (required).
❏ Select the authentication type ‘Device authentication (MAC Address)’ (required).
❏ Indicate whether encryption is required on the service or not.
Note. if encryption is enabled crypto keys must be statically defined, e.g. using WEP or WPA/WPA2 with the ‘pre-shared key’ option (PSK).
❏ Specify a VLAN of last resort for the service (optional).
Note. devices will be placed onto the VLAN of last resort only if the AAA server does not return a VLAN name for them on authentication.
❏ Specify where to authenticate the users (required), the options are:
❍ Local—for the local user database on the MX.
❍ RADIUS—for an external RADIUS server.
MX Management with WebView83
Common WebView Tasks
Note. although multiple RADIUS servers may be created on the MX, in WebView they are all members of the same RADIUS server group. Authentication on a service are targeted against the RADIUS server group.
❏ If necessary click on ‘Next’ to configure the security method and encryption types.
❏ Click on ‘Finish’ to create the service.
MX Management with WebView
84
Lab 2: WebView Management
Figure 71. Lab 2: WebView Management
Lab 2: WebView Management
MX Management with WebView85
Lab 2: WebView Management
Figure 72. WebView Service Configuration
WebView Service Configuration
MX Management with WebView
86
Lab 2: WebView Management
Figure 73. WebView Management
WebView Management
MX Management with WebView87
Lab 2: WebView Management
Figure 74. WebView Monitoring and Maintenance
WebView Monitoring and Maintenance
MX Management with WebView
88
Lab 2: WebView Management
Figure 75. Lab 2: Questions
Lab 2: Questions
MX Management with WebView89
Answers to Lab Questions
Figure 76. Answers to Lab Questions
Answers to Lab Questions
MX Management with WebView
90
Answers to Lab Questions
Figure 77. Lab 1: Answers
Lab 1: Answers
MX Management with WebView91
Answers to Lab Questions
Figure 78. Lab 2: Answers
Lab 2: Answers
MX Management with WebView
92
Answers to Lab Questions
Figure 79. Thank You and Goodbye
Thank You and Goodbye
MX Management with WebView93
Answers to Lab Questions
MX Management with WebView
94